Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget Many factors affect […]
Continue Reading...
Posted in Application Security, Cloud Security, Data Breach, Software Security Program Development, Static Analysis (SAST) | Comments Off on How can SMBs maximize AppSec returns on an SMB budget?
Written in coordination with Ugochukwu Enyioha Organizations are moving their applications to the Cloud (or using the Cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]
Continue Reading...
Posted in Agile Methodology, Cloud Security, DevOps | Comments Off on 7 things to consider when transitioning your applications to the Cloud
Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]
Continue Reading...
Posted in Application Security, Cloud Security, Cryptography | Comments Off on A primer on protecting keys and secrets in Microsoft Azure
A researcher from Google disclosed on Thursday that private messages, API keys, and other sensitive data were being leaked by a major content delivery network to random requesters, a leakage that could affect up to 5.5 million websites. Like Heartbleed, which was co-discovered by the Synopsys team in Oulu, Finland, and Google in April 2014, […]
Continue Reading...
Posted in Application Security, Cloud Security, Fuzz Testing, Software Security Testing, Vulnerability Assessment | Comments Off on With comparisons to Heartbleed, Cloudbleed may affect millions
Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the […]
Continue Reading...
Posted in Cloud Security, Ethical Hacking, Software Security Testing | Comments Off on 5 security industry buzzwords we love to hate
Containerization is a relatively new way to host and deploy applications in comparison to the traditional hardware-based deployment or VM-based virtualization. It’s fast, cost effective, and efficient. But is it secure? Let’s find out. The concept of containerization. While Docker and containers are the talk of the town in the DevOps world, the concept of containerization […]
Continue Reading...
Posted in Cloud Security, Software Security Testing | Comments Off on Examining containerization security challenges and solutions
Cloud computing has influenced IT delivery services (including storage, computing, deployment, and management) with the maturity of automation and virtualization technologies. With these maturing technologies, a major obstacle in the adoption of cloud computing is security. Cloud security testing, as a relatively new service model, allows IT security testing service providers to perform on-demand application security testing […]
Continue Reading...
Posted in Application Security, Cloud Security | Comments Off on Cloud-based application security testing challenges and tips
A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices […]
Continue Reading...
Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security | Comments Off on Hacking medical devices: 5 ways to inoculate yourself from attacks
Originally posted on SecurityWeek Less than ten minutes driving west from my home, you encounter a vast expanse of large, windowless buildings. Situated near them are impressive physical plants dedicated to cooling these buildings and providing back-up power in the case of a power failure. Whenever I drive past these complexes I always point them […]
Continue Reading...
Posted in Cloud Security, Software Security Testing | Comments Off on Embracing the security benefits of the cloud infrastructure
Originally posted on SecurityWeek The first chunk of actual sky recently slammed into the ground with a resounding thud. The security community has been actively telling the world that the Internet of Things (IoT) is ripe for compromise and exploitation. Unfortunately, the public has shoved aside these “Chicken Little” warnings in hopes of getting all […]
Continue Reading...
Posted in Cloud Security, Internet of Things, Software Security Testing | Comments Off on The IoT sky is falling: How being connected makes us insecure
